End-of-Day report
Timeframe: Wednesday 25-05-2022 18:00 - Friday 27-05-2022 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Thomas Pribitzer
News
New ChromeLoader malware surge threatens browsers worldwide
The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat.
https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/
New "Cheers" Linux ransomware targets VMware ESXi servers
A new ransomware named Cheers has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers.
https://www.bleepingcomputer.com/news/security/new-cheers-linux-ransomware-targets-vmware-esxi-servers/
New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets.
https://www.bleepingcomputer.com/news/security/new-ermac-20-android-malware-steals-accounts-wallets-from-467-apps/
Microsoft shares mitigation for Windows KrbRelayUp LPE attacks
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations.
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigation-for-windows-krbrelayup-lpe-attacks/
Windows 11 KB5014019 breaks Trend Micro ransomware protection
This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature.
https://www.bleepingcomputer.com/news/security/windows-11-kb5014019-breaks-trend-micro-ransomware-protection/
Waiting for a patched version: anonymous browsing under Tails at risk
Anyone browsing with the Tor Browser of the Tails system could leak passwords to attackers.
https://heise.de/-7123771
Asked to pay customs fees with a Paysafecard? Beware, it's a scam!
Criminals are sending fraudulent e-mails in the name of the customs authority, claiming that you have to pay customs fees, specifically in the form of a Paysafecard. Only then, they claim, can your parcel be delivered. Ignore such e-mails; the criminals are only trying to get your money.
https://www.watchlist-internet.at/news/sie-sollen-zollgebuehren-mit-einer-paysafecard-bezahlen-achtung-betrug/
Vulnerabilities
IBM Security Bulletins 2022-05-26 - 2022-05-27
IBM MQ Internet Pass-Thru, IBM MQ Operator, IBM MQ Appliance, IBM MQ trace, IBM Semeru Runtime, IBM Sterling Control Center, IBM App Connect Enterprise, IBM Watson Discovery, IBM Spectrum Control, IBM Netezza Host Management, IBM Tivoli Netcool/OMNIbus Probe Integrations, IBM DataPower.
https://www.ibm.com/blogs/psirt/
Security updates: attackers could take down Citrix network hardware
Important security patches are available for Citrix ADC and Citrix Gateway. Attackers could take down the network hardware.
https://heise.de/-7123795
Security updates for Thursday
Security updates have been issued by Debian (chromium, dpkg, filezilla, irssi, puma, and python-django), Fedora (firefox, ignition, and pcre2), Mageia (cockpit, firefox/thunderbird, openldap, supertux, unrar, and vim), Oracle (firefox and thunderbird), Red Hat (rh-varnish6-varnish), SUSE (cups, fribidi, kernel-firmware, redis, and wpa_supplicant), and Ubuntu (dpkg, logrotate, and subversion).
https://lwn.net/Articles/896346/
Security updates for Friday
Security updates have been issued by Debian (atftp, cups, neutron, and zipios++), Fedora (clash, moodle, python-jwt, and thunderbird), Red Hat (thunderbird), Slackware (cups), SUSE (go1.17, libredwg, opera, seamonkey, and varnish), and Ubuntu (libxv, ncurses, openssl, and subversion).
https://lwn.net/Articles/896465/
ABB Cyber Security Advisory: e-Design - Multiple vulnerabilities
https://search.abb.com/library/Download.aspx?DocumentID=2%20CMT%200%200%206%200%208%206&LanguageCode=en&DocumentPartId=&Action=Launch
K32760744: libxml2 vulnerability CVE-2022-23308
https://support.f5.com/csp/article/K32760744
K54724312: Linux kernel vulnerability CVE-2022-0492
https://support.f5.com/csp/article/K54724312
Drupal: Multiple vulnerabilities
http://www.cert-bund.de/advisoryshort/CB-K22-0661
Drupal CORE: Vulnerability enables unspecified attack
http://www.cert-bund.de/advisoryshort/CB-K22-0662
Keysight N6854A Geolocation server and N6841A RF Sensor software
https://us-cert.cisa.gov/ics/advisories/icsa-22-146-01
Horner Automation Cscape Csfont
https://us-cert.cisa.gov/ics/advisories/icsa-22-146-02
Cross-Site Request Forgery Vulnerability in Proxy Server
https://www.qnap.com/en-us/security-advisory/QSA-22-18